Salvatore Bonaccorso pushed to branch master at Debian Security Tracker /
security-tracker
Commits:
ce4c20f5 by Salvatore Bonaccorso at 2018-03-01T07:40:48+01:00
Add commits for CVE-2017-15130/dovecot
- - - - -
1 changed file:
- data/CVE/list
Changes:
=====================================
data/CVE/list
=====================================
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -26159,10 +26159,16 @@ CVE-2017-15131 (It was found that system umask policy
is not being honored when
NOTE: sessions.
NOTE: Enforcements can be achieved e.g. by using pam_umask.
NOTE: http://bugs.freedesktop.org/show_bug.cgi?id=102303
-CVE-2017-15130
+CVE-2017-15130 [TLS SNI config lookups are inefficient and can be used for DoS]
RESERVED
- dovecot <unfixed>
NOTE:
https://www.dovecot.org/list/dovecot-news/2018-February/000370.html
+ NOTE:
https://github.com/dovecot/core/commit/22311315b9f780211329c1522eb5aaa4faaa9391
+ NOTE:
https://github.com/dovecot/core/commit/f3504763c27c2661716c0d1dbd3e0fc662107a21
+ NOTE:
https://github.com/dovecot/core/commit/02da33a59fddd51cc3b8d95989de95574b7332f1
+ NOTE:
https://github.com/dovecot/core/commit/390592e6af07e02064ebdbb1bbcf06528887370f
+ NOTE:
https://github.com/dovecot/core/commit/bc27538d084e01a7a1aca3330e27aebfc0e311eb
+ NOTE:
https://github.com/dovecot/core/commit/00016646cc32a3fa1cf54c22ed7388ed06bbc0f1
CVE-2017-15129 (A use-after-free vulnerability was found in network namespaces
code ...)
- linux 4.14.12-1
[stretch] - linux 4.9.80-1
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ce4c20f57f8e38ec305b87b8fdab822303918672
---
View it on GitLab:
https://salsa.debian.org/security-tracker-team/security-tracker/commit/ce4c20f57f8e38ec305b87b8fdab822303918672
You're receiving this email because of your account on salsa.debian.org.
_______________________________________________
Secure-testing-commits mailing list
Secure-testing-commits@lists.alioth.debian.org
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-commits
